I'm using Apache::Htpasswd to manage log-ins to a web site. User/Password pairs are stored in a text file. It works fine for creating and deleting the User/Pwd pairs. But when I try to let users change their passwords I get into trouble.

What happens is that the password changes fine, but then the next user in the list doesn't work. When I look at the password file what I find is, when I'm changing password for user3,
before:

user1:pwd1
user2:pwd2
user3:pwd3
user4:pwd4
user5:pwd5
user6:pwd6
[download]

after:

user1:pwd1
user2:pwd2
user3:newpwd3:user4:pwd4
user5:pwd5
user6:pwd6
[download]

So user3 has a new password, but user4 can't log in at all (n.b. the extra : between newpwd3 and user4 is what actually appears, oddly enough).

I've stripped down the code that does this to the bearest essentials, and it still exhibits this behaviour:

my $g = shift;
my $UserName = shift;
print h1 "new $g->{NewPassWord}, old $g->{OldPassWord}";
# these details are shown to be correct

my $pwd = new Apache::Htpasswd("/path/to/my/passwordfile");

#$pwd->htpasswd($UserName, $g->{NewPassWord}, $g->{OldPassWord});
# either with the line above or the line below it still goes wrong:
$pwd->htpasswd($UserName, $g->{NewPassWord}, 1);
[download]

I'm really stumped by this. One option is to delete the user and then create a new user with the same user name but a different password. But (A) that creates the very faint risk of a race condition and somebody else getting in with the same user name; and (B) it bothers me not to understand why this is going wrong. But I must confess I don't understand. I'd be most grateful to any sibling monk who can shed some light.

§ George Sherston